You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
We set up the backbone to support Stripe webhook [1] events. There're two
different use cases:
- Users want to listen to certain webhook events. They'll need to add
their names in a `webhook_events` setting.
- This extension code makes internal use of some of them. That's
something programmed, and when the time comes, we'll need to add the
event names in the `SolidusStripe::Webhook::Event::CORE_EVENTS`
constant.
A new `POST /webhooks` endpoint exists to support the integration. Users
must also configure a `solidus_stripe.webhook_endpoint_secret` Rails
credential to validate the incoming events [2]. There's also a
`webhook_signature_tolerance` setting to change the default number of
seconds while a signature is valid [3].
When an incoming webhook arrives, a matching `Spree::Bus` event
prepended with `stripe.` is published. Therefore, all the usual
techniques in Solidus's pub/sub system [4] are allowed.
[1] - https://stripe.com/docs/webhooks
[2] - https://stripe.com/docs/webhooks/signatures
[3] - https://stripe.com/docs/webhooks/signatures#replay-attacks
[4] - https://guides.solidus.io/customization/subscribing-to-events
0 commit comments